Review a data management plan

It is valuable for researchers to consider early on – ideally before the research project begins – how data will be managed throughout the project. This helps ensure that data are handled securely, legally, and ethically, and creates good conditions for sharing data in accordance with the FAIR principles. This information is documented in a data management plan, DMP.

What a data management plan is and which parts should be updated during different phases of the research project is described on the page Data management plan at Researchdata.se. The contents of a data management plan vary depending on the tool or template used, the type of research being conducted, and requirements from the funder or institution. SND’s checklist for data management plans provides a useful overview of the types of information that a DMP may include, regardless of which tool the researcher uses. 

How to provide researchers with the best support for their data management plans depends on the routines in place at your organization. You may, for example, be able to sit down with the researcher and go through the DMP tool or template together. In any case, you are likely to, at some point during the research process, receive a draft DMP to review, which gives you the opportunity to suggest improvements. You can also assist by directing the researcher to the appropriate contacts for more complex questions. In this context, we refer to this support process as a review.  

In most cases, data management plans are created by having the researcher provide information in response to prompts in a template or digital tool. These often include explanations of the type of information expected in each response field. 

On this page, we have compiled suggestions for what to look for when reviewing a draft data management plan. The structure follows SND’s DMP checklist, but reflects the kind of content that is generally expected in a data management plan.

Contents of this page:

• Research principal
• Protecting the research data
• Collecting or producing research data
• Accessibility and long-term preservation

Research principal

It is important to from the beginning identify the research principal, meaning the organization legally responsible for the data. Check whether the researcher has a dual affiliation – for example, with both a hospital and a university – and which organization is the principal and responsible for the research. If the hospital is the principal, their regulations apply, such as the Patient Data Act (SFS 2008:355) .

A good way to clarify the question of research principal is to ask where the data will be archived. 

Where possible, the principal organization should be specified using a persistent identifier (ROR).

Protecting the research data

Data security and storage

Check whether the researcher plans to use the secure data storage systems provided by your organization. Ask if their chosen storage solution meets the appropriate security level for the information classification of the material. If not – especially if the data are sensitive – follow up with additional questions, such as where the data will be stored (within or outside the EU). Inform the researcher about potential risks for their chosen solutions, and any key requirements and guidelines. It may be wise to refer them to IT services or another unit with expertise in data storage. 

If the project involves collaboration, ask how data will be shared within the project. Will the data be stored in multiple locations, or will partners have remote access? Make sure the research group has a plan for how to manage shared work files, and by whom. Encourage them to consult the university’s legal office to draw up a research agreement.

Legal and ethical aspects

If the research involves collecting personal data, several legal and ethical obligations apply. Ensure the researcher is aware of the General Data Protection Regulation (GDPR), good research practice, and institutional policies on processing personal data. You may wish to refer them to SND’s handbook for data containing personal information.

If the research is subject to ethical review, this must be stated in the data management plan, along with information on who is responsible for submitting the ethics application. 

Remind the researcher that, where possible, data analysis should be carried out using pseudonymized data – but that pseudonymized data are not the same as anonymized data. Ask how any code key will be managed. Also be aware of indirect identifiers in research data and the risk of re-identification.

Collecting or producing research data

It is usually not difficult for researchers to describe how data will be collected – if anything, they may provide more detail about the collection method than necessary. Make sure the information actually answers the question: How will the data be created or collected? It is sufficient to state whether the data will be collected via interviews, surveys, healthcare records, register data, experiments, and so on. 

Documenting and organizing research data

Data must be documented and described with metadata. Researchers are often unfamiliar with the term metadata in this context. Provide examples of the types of metadata required for a dataset under the FAIR principles. One tip is to search for similar datasets on Researchdata.se and examine which fields are used in their descriptions.

Some data management plans may ask about metadata standards, which can cause confusion. In such cases, the term controlled vocabularies may be more familiar and easier to apply.

Data types and file formats

If you are familiar with the file formats typically used in a particular research field, you are likely to have a sense of whether the chosen format is appropriate for the types of data to be collected. If unsure, ask the researcher why they or their research team chose a particular format. 

Remember that open file formats are best suited for sharing and long-term preservation. If the project uses other formats, ask whether the researcher or research group has considered the implications for later stages, when the data will be prepared for sharing.  

Structured data management

Check that there is a plan for version control during the project. Will there be a designated master file? How will files be organized – into folders, and if so, how? 

Accessibility and long-term preservation

Is there a plan for making the data accessible? Let the researcher know that sharing data in line with the FAIR principles is most easily done through a repository, where both datasets and documentation can be published. If necessary, data can be shared with restricted access, but open access is preferable whenever possible.  

Inform the researcher that repositories automatically assign persistent identifiers (PIDs) to datasets. If the data are shared via SND’s documentation system DORIS, the dataset will receive a persistent identifier in the form of a DOI. 

Ensure that there is a plan for long-term storage of the data. Remind the researcher that sharing data in a repository does not in itself fulfil legal archiving requirements under the Swedish Archives Act; the research principal must also ensure that the full dataset is stored within their own organization.